WTO – CRI Presentation

Jennifer L. BrantOctober 29, 2019

The Cyber Readiness Institute

CRI convenes senior leaders of global companies and their value chain partners from across sectors to share cybersecurity best practices and to develop content and tools to improve the cyber readiness of small and medium-sized businesses, in order to secure global value chains.

The Cyber Readiness Institute empowers small and medium-sized organizations with practical tools and resources to improve their cybersecurity.

Our first offering is the free, validated Cyber Readiness Program.

Our Co-Chairs and Members are cyber experts and business leaders – from across sectors and regions – who have come together to secure global value chains.

Leadership at the WTO to support SMEs

• Informal Working Group to advance MSMEs engagement with global markets. Work on trade finance. Analysis in 2016 World Trade Report.

• E-commerce negotiations, to create legal certainty and enhance opportunities for MSMEs and others.

• Address regulatory barriers, advance trade facilitation.

• Global Trade Helpdesk initiative, with UNCTAD and ITC.

• ICC-WTO Small Business Champions initiative. Trade dialogues.

CRI’s Program complements and reinforces such efforts.

Cyber readiness is critical for SMBs.

60% of cyber attacks target SMBs.

66% of SMBs had at least one cyber incident in the past two years.

60% of small companies go out of business within 6 months of a cyber attack.

Just 25% of SMBs report getting monthly training on good “cyber hygiene.”

By 2020, 50% of companies will evaluate cybersecurity when selecting business partners.

Authentication: 63% of data breaches result from weak or stolen passwords.

Patching: Hackers check to see when software companies issue a patch to address a security issue. Within hours of the patch being released, they develop malware to exploit the vulnerability knowing many will fail to install the patch.

Phishing: 91% of all cyber attacks start with a phishing email. And 81% of companies that fell for a phishing attack lost customers.

Removable Media: SMBs report that 27% of malware infections originated from infected USBs.

What to focus on, and why?

The CRI Program focuses on four key issues.

Authentication

A weak password is an easy access point to your most sensitive information and systems.

Patching

Patches are updates to your software and systems that contain important security remedies.

Phishing

Phishing is an email-borne attack that attempts to use your email account to do something malicious.

USBsUSBs and removable media devices are easy gateways for malware to infect your computer.

The Program also provides guidance on moving to the Cloud.

The CRI Approach

• Preventive measures.

• Organizational culture of cyber readiness.

• Practical tools that can be customized for each organization.

• Self-guided, led by internal Cyber Leader.

Cyber Readiness Program: 5 Stages

• Get Started: prepare organization and select Cyber Readiness Leader. Tips on being an effective Cyber Readiness Leader. Commitment letter between CEO and the Leader.

• Assess & Prioritize: learn about the four key issues: Authentication, Patching, Phishing, and USB use. Prioritize what to protect and what to move to the cloud and when. Establish baseline metrics.

• Agree & Commit: Access and modify policy templates so they are practical for organization. Develop incident response plan from template.

• Roll Out: Introduce the Cyber Readiness Program to workforce. Access training and communication kit. Workforce commitment letter.

• Measure Success: Re-do baseline metrics to measure impact. Obtain a certificate from the Cyber Readiness Institute.

ProgramImpact Rating Very

Little Impact7%

Moderate Impact19%

High Impact48%

Very High Impact26%

How Program Users Rated the Impact of the CRI ProgramDecember 17, 2018- August 31, 2019

Very Little Impact

Little Impact

Moderate Impact

High Impact

Very High Impact

SMBs Piloting the Cyber Readiness Program

Sector LocationAgriculture Egypt

Health & Fitness Switzerland

Money Transfer Egypt

Real Estate United States

Investment United States

Higher Education United States

Telecommunications South Africa

Supply Management Switzerland

Manufacturing United States

Construction United States

Software Egypt

Manufacturing United States

Investment United States

IT Services United States

IT Services United States

Dairy United States

Library United States

Healthcare United States

Food Service United States

2019 Global Distribution: CRI Champions

• This year, we will touch over 1 million SMBs in Europe, the Americas, Asia, and the Middle East.

• Champions – universities, companies, industry groups, and others – raise awareness about the Cyber Readiness Program to their networks. We support them.

• Champions give input to improve our impact and content.• Translations in 2019: French, Spanish, Portuguese, Chinese, Arabic, Japanese, and Burmese.

• The Cyber Readiness Program is a free, validated tool for stakeholders. Work with us to disseminate it globally!

The Program

www.cyberreadinessinstitute.org

What can the MSMEs Working Group do?

• Include cybersecurity in work program, as a key factor supporting MSME integration into value chains.

• Encourage WTO and partner organizations – UNCTAD, UNIDO, ITC, and others – to work to advance MSME cybersecurity.

• At the national level: Work with CRI to distribute the Program via relevant Ministries, national industry groups, and other channels. It’s free and proven effective.

• Organize a webinar with CRI experts and your national stakeholders to discuss MSME cyber readiness – and practical steps for improvement.

Thank you!

Jennifer Brantjbrant@cyberreadinessinstitute.org